Cyber-security: The exploits of bug hunters | The Economist

To help shield their products from ransomware like the recent worldwide WannaCry attack, most big software-makers pay “bug bounties” to those who report vulnerabilities in their products that need to be patched. Payouts of up to $20,000 are common.

Google’s bounties reach $200,000, says Billy Rios, a former member of that firm’s award panel. This may sound like good money for finding a programming oversight, but it is actually “ridiculously low” according to Chaouki Bekrar, boss of Zerodium, a firm in Washington, DC, that is a dealer in “exploits”.

Last September Zerodium’s payment rates for exploits that hack iPhones tripled, from $500,000 to $1.5m. Yuriy Gurkin, the boss of Gleg, an exploit-broker in Moscow, tells a similar story. Mundane exploits for web browsers, which might, a few years ago, have fetched $5,000 or so, are now, he says, worth “several dozen thousand”.

Mike Rawson
